--- name: Release on version.js update on: push: branches: ["master"] paths: - public/js/version.js workflow_dispatch: inputs: ref: description: "Ref (branch/sha) to build from (default: master)" required: false version: description: "Explicit version tag to release (e.g., v1.8.12). If empty, parse from public/js/version.js." required: false permissions: contents: write jobs: release: runs-on: ubuntu-latest # Only run on: # - push (master + version.js path filter already enforces that) # - manual dispatch if: | github.event_name == 'push' || github.event_name == 'workflow_dispatch' # Duplicate safety; also step "Skip if tag exists" will no-op if already released. concurrency: group: release-${{ github.event_name }}-${{ github.run_id }} cancel-in-progress: false steps: - name: Resolve source ref id: pickref shell: bash run: | set -euo pipefail if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then if [[ -n "${{ github.event.inputs.ref }}" ]]; then REF_IN="${{ github.event.inputs.ref }}" else REF_IN="master" fi # Resolve to a commit sha (allow branches or shas) if git ls-remote --exit-code --heads https://github.com/${{ github.repository }}.git "$REF_IN" >/dev/null 2>&1; then REF="$REF_IN" else # Accept SHAs too; we’ll let checkout validate REF="$REF_IN" fi else REF="${{ github.sha }}" fi echo "ref=$REF" >> "$GITHUB_OUTPUT" echo "Using ref=$REF" - name: Checkout chosen ref (full history + tags, no persisted token) uses: actions/checkout@v4 with: ref: ${{ steps.pickref.outputs.ref }} fetch-depth: 0 persist-credentials: false - name: Determine version id: ver shell: bash run: | set -euo pipefail if [[ -n "${{ github.event.inputs.version || '' }}" ]]; then VER="${{ github.event.inputs.version }}" else # Parse APP_VERSION from public/js/version.js (expects vX.Y.Z) if [[ ! -f public/js/version.js ]]; then echo "public/js/version.js not found; cannot auto-detect version." >&2 exit 1 fi VER="$(grep -Eo "APP_VERSION\s*=\s*['\"]v[^'\"]+['\"]" public/js/version.js | sed -E "s/.*['\"](v[^'\"]+)['\"].*/\1/")" if [[ -z "$VER" ]]; then echo "Could not parse APP_VERSION from public/js/version.js" >&2 exit 1 fi fi echo "version=$VER" >> "$GITHUB_OUTPUT" echo "Detected version: $VER" - name: Skip if tag already exists id: tagcheck shell: bash run: | set -euo pipefail if git rev-parse -q --verify "refs/tags/${{ steps.ver.outputs.version }}" >/dev/null; then echo "exists=true" >> "$GITHUB_OUTPUT" echo "Tag ${{ steps.ver.outputs.version }} already exists. Skipping release." else echo "exists=false" >> "$GITHUB_OUTPUT" fi - name: Prepare stamp script if: steps.tagcheck.outputs.exists == 'false' shell: bash run: | set -euo pipefail sed -i 's/\r$//' scripts/stamp-assets.sh || true chmod +x scripts/stamp-assets.sh - name: Build stamped staging tree if: steps.tagcheck.outputs.exists == 'false' shell: bash run: | set -euo pipefail VER="${{ steps.ver.outputs.version }}" rm -rf staging rsync -a \ --exclude '.git' --exclude '.github' \ --exclude 'resources' \ --exclude '.dockerignore' --exclude '.gitattributes' --exclude '.gitignore' \ ./ staging/ bash ./scripts/stamp-assets.sh "${VER}" "$(pwd)/staging" - name: Verify placeholders removed if: steps.tagcheck.outputs.exists == 'false' shell: bash run: | set -euo pipefail ROOT="$(pwd)/staging" if grep -R -n -E "{{APP_QVER}}|{{APP_VER}}" "$ROOT" \ --include='*.html' --include='*.php' --include='*.css' --include='*.js' 2>/dev/null; then echo "Unreplaced placeholders found in staging." >&2 exit 1 fi echo "OK: No unreplaced placeholders." - name: Zip artifact if: steps.tagcheck.outputs.exists == 'false' shell: bash run: | set -euo pipefail VER="${{ steps.ver.outputs.version }}" (cd staging && zip -r "../FileRise-${VER}.zip" . >/dev/null) - name: Compute SHA-256 if: steps.tagcheck.outputs.exists == 'false' id: sum shell: bash run: | set -euo pipefail ZIP="FileRise-${{ steps.ver.outputs.version }}.zip" SHA=$(shasum -a 256 "$ZIP" | awk '{print $1}') echo "$SHA $ZIP" > "${ZIP}.sha256" echo "sha=$SHA" >> "$GITHUB_OUTPUT" echo "Computed SHA-256: $SHA" - name: Extract notes from CHANGELOG (optional) if: steps.tagcheck.outputs.exists == 'false' id: notes shell: bash run: | set -euo pipefail NOTES_PATH="" if [[ -f CHANGELOG.md ]]; then awk ' BEGIN{found=0} /^## / && !found {found=1} found && /^---$/ {exit} found {print} ' CHANGELOG.md > CHANGELOG_SNIPPET.md || true sed -i -e :a -e '/^\n*$/{$d;N;ba' -e '}' CHANGELOG_SNIPPET.md || true if [[ -s CHANGELOG_SNIPPET.md ]]; then NOTES_PATH="CHANGELOG_SNIPPET.md" fi fi echo "path=$NOTES_PATH" >> "$GITHUB_OUTPUT" - name: Compute previous tag (for Full Changelog link) if: steps.tagcheck.outputs.exists == 'false' id: prev shell: bash run: | set -euo pipefail VER="${{ steps.ver.outputs.version }}" PREV=$(git tag --list "v*" --sort=-v:refname | grep -v -F "$VER" | head -n1 || true) if [[ -z "$PREV" ]]; then PREV=$(git rev-list --max-parents=0 HEAD | tail -n1) fi echo "prev=$PREV" >> "$GITHUB_OUTPUT" echo "Previous tag/baseline: $PREV" - name: Build release body if: steps.tagcheck.outputs.exists == 'false' shell: bash run: | set -euo pipefail VER="${{ steps.ver.outputs.version }}" PREV="${{ steps.prev.outputs.prev }}" REPO="${GITHUB_REPOSITORY}" COMPARE_URL="https://github.com/${REPO}/compare/${PREV}...${VER}" ZIP="FileRise-${VER}.zip" SHA="${{ steps.sum.outputs.sha }}" { echo if [[ -s CHANGELOG_SNIPPET.md ]]; then cat CHANGELOG_SNIPPET.md echo fi echo "## ${VER}" echo "### Full Changelog" echo "[${PREV} → ${VER}](${COMPARE_URL})" echo echo "### SHA-256 (zip)" echo '```' echo "${SHA} ${ZIP}" echo '```' } > RELEASE_BODY.md sed -n '1,200p' RELEASE_BODY.md - name: Create GitHub Release if: steps.tagcheck.outputs.exists == 'false' uses: softprops/action-gh-release@v2 with: tag_name: ${{ steps.ver.outputs.version }} target_commitish: ${{ steps.pickref.outputs.ref }} name: ${{ steps.ver.outputs.version }} body_path: RELEASE_BODY.md generate_release_notes: false files: | FileRise-${{ steps.ver.outputs.version }}.zip FileRise-${{ steps.ver.outputs.version }}.zip.sha256